Exchange Token

Method is used to obtain user's permanent access token by exchanging it with the access code received during the user authentication.

Request

https://api.dapi.com/v2/auth/ExchangeToken

Request Example

{
	"appSecret": "00bae841ad979345fca2e2585c000da7eac420504d189cf63315e7a6234d45c68dbd6fff749167292cd1475622805dce7a2b979db3c16e25a2897158ee63845b1043930ff603e19deb1d2d54ad9afc3d52df241d3c4e7286244a2f98a10212e38b2e9f8b0e3a7592702fa4358fb9103b93a26dd6bb92c2be0327ac054f14becc",
	"accessCode": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzYWx0IjoiRmlHUUhDM2NwZ01NZmhaejNHMk8zNitHakdBUEs0ZFptSEgwRy9jN1cxWT0iLCJhcHBLZXkiOiI0OTc3OTFjZmQ1MTBmMjI1MDc1Yzk3YWNkYzFkYmY0YTI1ZDczNTgxNGZlMmE3OGQxZjRiMGI4OTcxOGU3ZWQ2IiwidG9rZW5JRCI6IjYxMWM3YWE4LTcwYWYtNGQ3Zi1hODk1LTI4OWU4OTIzOTMxMyIsImlhdCI6MTYxNjQyOTI0MCwiZXhwIjoxNjE2NDI5NTQwfQ.FVo8b-krSDNHjIormm_BZAUxUfr_4ZEAzp_xh9WuR0M",
	"connectionID": "2c72a336a7c09fd905f9adf3dc5ff976d58eeb20"
}

Body Parameters

Parameter	Type	Description
appSecret REQUIRED	`String`	Private token generated at application creation.
accessCode REQUIRED	`String`	Unique code for a user’s successful login to Connect. Returned in the response of UserLogin.
connectionID REQUIRED	`String`	The `connectionID` from a user’s successful log in to Connect

Response

Response Example

{
  "success": true,
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzYWx0IjoiRmlHUUhDM2NwZ01NZmhaejNHMk8zNitHakdBUEs0ZFptSEgwRy9jN1cxWT0iLCJhcHBLZXkiOiI0OTc3OTFjZmQ1MTBmMjI1MDc1Yzk3YWNkYzFkYmY0YTI1ZDczNTgxNGZlMmE3OGQxZjRiMGI4OTcxOGU3ZWQ2IiwidG9rZW5JRCI6IjYxMWM3YWE4LTcwYWYtNGQ3Zi1hODk1LTI4OWU4OTIzOTMxMyIsImF1dGhvcml6YXRpb25zIjp7ImF1dGhlbnRpY2F0aW9uIjp7ImNyZWF0ZSI6dHJ1ZX0sImlkZW50aXR5Ijp7ImdldCI6ZmFsc2V9LCJhY2NvdW50cyI6eyJnZXQiOmZhbHNlfSwiYmFsYW5jZSI6eyJnZXQiOmZhbHNlfSwidHJhbnNhY3Rpb25zIjp7ImdldCI6ZmFsc2V9LCJiZW5lZmljaWFyaWVzIjp7ImdldCI6ZmFsc2UsImNyZWF0ZSI6ZmFsc2V9LCJ0cmFuc2ZlciI6eyJjcmVhdGUiOmZhbHNlfSwiY2FyZHMiOnsiZ2V0IjpmYWxzZX0sInN0YXRlbWVudHMiOnsiZ2V0IjpmYWxzZX0sInByb2R1Y3RzIjpbImRhdGEiLCJwYXltZW50Il19LCJpYXQiOjE2MTY0MjkzMTZ9.MIicjZXD8ojOqInzKqeyzmfCkQaxl7K6NU7Q5UPt47Y",
  "status":"done"  
}

Response Parameters


success	`Boolean`	Returns `true` if request is successful and `false` for all else.
accessToken	`String`	A unique permanent token linked to one user. Is only returned if the request was successful
status	`Enum`	Status of the operation `done` - Operation Completed `failed` - Operation Failed `user_input_required` - Pending User Input `initialized` - Operation In Progress *For further explanation see Operation Statuses
type	`Enum`	Type of error encountered Is only returned if the request was not successful
msg	`String`	Detailed description of the error Is only returned if the request was not

Examples

Successful

{
	"appSecret": "00bae841ad979345fca2e2585c000da7eac420504d189cf63315e7a6234d45c68dbd6fff749167292cd1475622805dce7a2b979db3c16e25a2897158ee63845b1043930ff603e19deb1d2d54ad9afc3d52df241d3c4e7286244a2f98a10212e38b2e9f8b0e3a7592702fa4358fb9103b93a26dd6bb92c2be0327ac054f14becc",
	"accessCode": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzYWx0IjoiRmlHUUhDM2NwZ01NZmhaejNHMk8zNitHakdBUEs0ZFptSEgwRy9jN1cxWT0iLCJhcHBLZXkiOiI0OTc3OTFjZmQ1MTBmMjI1MDc1Yzk3YWNkYzFkYmY0YTI1ZDczNTgxNGZlMmE3OGQxZjRiMGI4OTcxOGU3ZWQ2IiwidG9rZW5JRCI6IjYxMWM3YWE4LTcwYWYtNGQ3Zi1hODk1LTI4OWU4OTIzOTMxMyIsImlhdCI6MTYxNjQyOTI0MCwiZXhwIjoxNjE2NDI5NTQwfQ.FVo8b-krSDNHjIormm_BZAUxUfr_4ZEAzp_xh9WuR0M",
	"connectionID": "2c72a336a7c09fd905f9adf3dc5ff976d58eeb20"
}

{
  "success": true,
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzYWx0IjoiRmlHUUhDM2NwZ01NZmhaejNHMk8zNitHakdBUEs0ZFptSEgwRy9jN1cxWT0iLCJhcHBLZXkiOiI0OTc3OTFjZmQ1MTBmMjI1MDc1Yzk3YWNkYzFkYmY0YTI1ZDczNTgxNGZlMmE3OGQxZjRiMGI4OTcxOGU3ZWQ2IiwidG9rZW5JRCI6IjYxMWM3YWE4LTcwYWYtNGQ3Zi1hODk1LTI4OWU4OTIzOTMxMyIsImF1dGhvcml6YXRpb25zIjp7ImF1dGhlbnRpY2F0aW9uIjp7ImNyZWF0ZSI6dHJ1ZX0sImlkZW50aXR5Ijp7ImdldCI6ZmFsc2V9LCJhY2NvdW50cyI6eyJnZXQiOmZhbHNlfSwiYmFsYW5jZSI6eyJnZXQiOmZhbHNlfSwidHJhbnNhY3Rpb25zIjp7ImdldCI6ZmFsc2V9LCJiZW5lZmljaWFyaWVzIjp7ImdldCI6ZmFsc2UsImNyZWF0ZSI6ZmFsc2V9LCJ0cmFuc2ZlciI6eyJjcmVhdGUiOmZhbHNlfSwiY2FyZHMiOnsiZ2V0IjpmYWxzZX0sInN0YXRlbWVudHMiOnsiZ2V0IjpmYWxzZX0sInByb2R1Y3RzIjpbImRhdGEiLCJwYXltZW50Il19LCJpYXQiOjE2MTY0MjkzMTZ9.MIicjZXD8ojOqInzKqeyzmfCkQaxl7K6NU7Q5UPt47Y",
  "status":"done" 
}

Failed - Missing Mandatory Parameters

{
	"appSecret": "00bae841ad979345fca2e2585c000da7eac420504d189cf63315e7a6234d45c68dbd6fff749167292cd1475622805dce7a2b979db3c16e25a2897158ee63845b1043930ff603e19deb1d2d54ad9afc3d52df241d3c4e7286244a2f98a10212e38b2e9f8b0e3a7592702fa4358fb9103b93a26dd6bb92c2be0327ac054f14becc",
	"accessCode": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzYWx0IjoiRmlHUUhDM2NwZ01NZmhaejNHMk8zNitHakdBUEs0ZFptSEgwRy9jN1cxWT0iLCJhcHBLZXkiOiI0OTc3OTFjZmQ1MTBmMjI1MDc1Yzk3YWNkYzFkYmY0YTI1ZDczNTgxNGZlMmE3OGQxZjRiMGI4OTcxOGU3ZWQ2IiwidG9rZW5JRCI6IjYxMWM3YWE4LTcwYWYtNGQ3Zi1hODk1LTI4OWU4OTIzOTMxMyIsImlhdCI6MTYxNjQyOTI0MCwiZXhwIjoxNjE2NDI5NTQwfQ.FVo8b-krSDNHjIormm_BZAUxUfr_4ZEAzp_xh9WuR0M"
}

{
  "success": false,
  "status": "failed",
  "msg": "Validation error on field 'connectionID'. Error: value must not be an empty string",
  "type": "INVALID_ARGS"
}

Failed - Invalid AccessCode

{
	"appSecret": "00bae841ad979345fca2e2585c000da7eac420504d189cf63315e7a6234d45c68dbd6fff749167292cd1475622805dce7a2b979db3c16e25a2897158ee63845b1043930ff603e19deb1d2d54ad9afc3d52df241d3c4e7286244a2f98a10212e38b2e9f8b0e3a7592702fa4358fb9103b93a26dd6bb92c2be0327ac054f14becc",
	"accessCode": "Invalid_access_code",
	"connectionID": "2c72a336a7c09fd905f9adf3dc5ff976d58eeb20"
}

{
  "msg": "Invalid token",
  "type": "INVALID_TOKEN",
  "success": false,
  "status": "failed"
}

FAQ

What is the difference between accessCode and accessToken?

accessCode is a temporary token generated upon successful authentication via the Connect Layer.

accessToken is a permanent token that is generated upon sending the accessCode along other secrets to Dapi using the exchangeToken request.

How permanent is the accessToken?

One accessToken corresponds to one pair of login credentials into one bank account. The only way the accessToken loses its validity is if the user changes their login credentials or if the De-Link User API is called.

Why do I need an accessToken?

accessToken is required to make any following API calls to Dapi to retrieve data or initiate payments.